I have a zyxel firewall, it can generate self signed certificates, is it possible to have / use a certificate generated and signed by Let's encrypt?
I mean can I generate a certificate signed from let'sencrypt and use it inside a machine not connected to the domain?
Or should I sign somehow the certificate generated by the firewall?
Does your zyxel firewall generate certificate request as well, which you can download to sign? If yes, and as long as the domain name in the certificate request is public and you have control over that domain, it is possible to sign it with Let's Encrypt's CA.
Please clarify your use case:
What will you secure?
the machine is a firewall Zyxel 1900
It has a certificate self signed used for the login page into the firewall and if someone uses the web captive portal he will reach a web page being forwarded by the firewall and get a security warning, since the certificate used is self signed by the firewall.
The domain is not relevant at the moment i can rename the firewall and the domain.
I guess the "inside" threw me off.
Then the only problem I see is automation.
You will most likely find a way to get an LE cert into the firewall but LE certs only last 90 days.
I have a strict procedure to follow in the device.
here it is: https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=003075&lang=EN
do you think it is compatible with letsencrypt procedures?
For the first reading your
zyxel device provides enough PKI feature that it might be compatible with Let's Encrypt. You may have to play with it.
It may work if you choose "Host Domain Name"
enter an FQDN for which you control the DNS zone (a domain name you own)
and complete the authentication process with the generated CSR.
This all, of course, is an extremely manual process - which must be repeated each time before the cert expires (90 day max).